LDAP authentication AD search user not updating

CharlesLamar · Post by **CharlesLamar** » Mon May 13, 2013 11:55 am

I've been trying to get a new 0.8.8a installation (on RHEL, installed from EPEL) to authenticate with our AD.

I mistakenly entered the original configuration utilizing our management group instead of the system account that has been authorized for searches (anonymous searching is disabled). Even though I've changed it, Cacti is still attempting to search by logging in with the group name, instead of the account name.

Code: Select all

Account For Which Logon Failed: 
        Security ID:            NULL SID 
        Account Name:           [admin group] 
        Account Domain:         [domain]

[admin group] should be [user]

: CactiLDAP.png (60.86 KiB) Viewed 1189 times

Any ideas on where I should look to clear that cached information? I've rebooted, restarted Apache, etc.

Thanks,
Chaz

victorantunes · Post by **victorantunes** » Mon May 13, 2013 2:50 pm

Go into MySQL and try this:

Code: Select all

select name, value from settings where name = 'ldap_specific_dn';

If that doesn't help, there are other LDAP settings on that table which may hold your answer.

CharlesLamar · Post by **CharlesLamar** » Wed May 15, 2013 8:41 am

victorantunes wrote:Go into MySQL and try this:
Code: Select all
select name, value from settings where name = 'ldap_specific_dn';
If that doesn't help, there are other LDAP settings on that table which may hold your answer.

: Cacti-ldap_specific_dn.png (18.88 KiB) Viewed 1174 times

This looks right, it has the user there...not the group.
I'll take a look around the settings table & see what I can find.

Thanks,
Chaz

CharlesLamar · Post by **CharlesLamar** » Wed May 15, 2013 2:24 pm

There are no other references to the search user in the DB.

Are there any other issues with the settings I've got configured?

Thanks,
Chaz

victorantunes · Post by **victorantunes** » Wed May 15, 2013 2:57 pm

There's a docs page on AD: http://docs.cacti.net/manual:087:2_basi ... te_with_ad

or maybe this thread will help you: http://forums.cacti.net/viewtopic.php?f=21&t=11982

CharlesLamar · Post by **CharlesLamar** » Thu May 16, 2013 11:31 am

victorantunes wrote:There's a docs page on AD: http://docs.cacti.net/manual:087:2_basi ... te_with_ad

or maybe this thread will help you: http://forums.cacti.net/viewtopic.php?f=21&t=11982

Thanks for the links.
I'd seen the first & the 2nd seemed more focused on role based access via AD groups, than straight LDAP authentication.

However, it seems that something cached has become uncached, because I was able to login with an LDAP account.

Thanks for the help, everyone.
-Chaz

: Cacti-ldap_loggedin.png (14.39 KiB) Viewed 1151 times

Cacti

LDAP authentication AD search user not updating

LDAP authentication AD search user not updating

Re: LDAP authentication AD search user not updating

Re: LDAP authentication AD search user not updating

Re: LDAP authentication AD search user not updating

Re: LDAP authentication AD search user not updating

Re: LDAP authentication AD search user not updating

Who is online